<?php

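error_reporting(E_ALL);
ini_set('display_errors', '0');
include_once 'user.class.php';
include_once 'functions.php';

// Session bootstrap: only start a session when none is active for this request yet.
$activeSession = session_id();
if (empty($activeSession)) {
    session_start();
}
// Role marker for the session; '' means "not logged in" (log_in below sets "user"/"admin").
if (!isset($_SESSION['logat'])) {
    $_SESSION['logat'] = '';
}
// Per-request admin flag; handlers raise it after checking $_SESSION['logat'].
$adm = 0;
// stdb is declared in functions.php; what its constructor does is not visible here.
$db = new stdb();

// Base path used when building links. Default to '' so handlers that concatenate it never
// read an undefined variable (same output as before, without the notice).
$path = '';
if (isset($_SESSION["root_path"])) {
    $path = $_SESSION["root_path"];
}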

if(isset($_GET['action'])){


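if(!strcmp($_GET['action'],"log_in")){

    if (isset($_POST["username"]) && isset($_POST["password"])) {

        mysql_safer();
        $username = $_POST["username"];
        // Credential encoding shared with the rest of the site: unsalted double MD5.
        // NOTE(review): password_hash()/password_verify() would be the replacement, but the stored
        // `parola` column and the "pu" cookie format would have to migrate together.
        $hash = md5(md5($_POST["password"]));

        // NOTE(review): mysql_safer() lives in functions.php and is opaque here; the username is
        // escaped explicitly so the query is safe regardless. Confirm it does not already escape
        // $_POST, otherwise this double-escapes.
        $sql_login = "Select * from utilizatori where username='" . mysql_real_escape_string($username) . "'";
        $rezultat = $class_db->q($sql_login);
        $rows = $rezultat ? mysql_num_rows($rezultat) : 0;

        if ($rows > 1) {
            echo "Ceva dubios s-a intamplat";
        } elseif ($rows == 1) {
            $row = mysql_fetch_array($rezultat);
            if ($row['parola'] === $hash && $row['activ'] > 0) {
                // Fresh session id on login so an id handed out before authentication is not reused.
                session_regenerate_id(true);
                $token = md5(md5($username)) . $hash;
                // Cookie first, then output: the original echoed before setcookie(), which fails
                // with "headers already sent" whenever output buffering is off.
                // NOTE(review): consider the httponly/secure flags once it is confirmed the
                // front-end does not read this cookie via document.cookie.
                setcookie("pu", $token, time() + 3600, "/");
                echo $token;
                $_SESSION['user'] = $username;
                $_SESSION['pass'] = $hash;
                // grup 1 = regular user, grup 0 = admin; any other value leaves 'logat' as it was
                // (original behaviour). The id is stored unconditionally.
                if ($row['grup'] == 1) {
                    $_SESSION['logat'] = "user";
                }
                if ($row['grup'] == 0) {
                    $_SESSION['logat'] = "admin";
                }
                $_SESSION['id'] = $row['ID'];

                // Snapshot of the logged-in user, read back by the handlers that write data.
                $user = new user();
                $user->id = $_SESSION['id'];
                $user->name = $_SESSION['user'];
                $user->hash = $hash . md5(md5($username));
                $user->tip = $_SESSION['logat'];
                $_SESSION['userc'] = serialize($user);
            } else {
                echo "FAIL";
            }
        } else {
            // Zero rows: the original `$rows<0` test could never fire, so an unknown user got no
            // reply at all. Answer exactly as for a wrong password so usernames cannot be enumerated.
            echo "FAIL";
        }
    }
}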
   
// Login state for this request (is_logat() is declared in functions.php); the handlers that
// modify data further down are gated on it.
$logat=  is_logat();

    
    
    ///////////// Cautari dinamice & afisari ///////////////////
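   if(!strcmp($_GET['action'],"cauta_tel")){
        mysql_safer();

        // No search term: print the full listing and stop.
        if (!isset($_POST['cauta_tel'])) {
            list_tel();
            exit;
        }

        echo "<ul>";
        $nume = $_POST['cauta_tel'];
        // NOTE(review): mysql_safer() (functions.php) is opaque here; the term is escaped explicitly
        // so the query stays safe either way. Confirm it does not already escape $_POST.
        $termen = mysql_real_escape_string($nume);
        $sql_cauta = "Select nume, telefon, user_id from carte_telefon WHERE nume like '%" . $termen . "%' OR telefon = '" . $termen . "' ";
        $rezultat = $class_db->q($sql_cauta);
        if (!$rezultat) {
            echo ("Nu exista acest nume/nr tel in cartea de telefon");
        } else {
            while ($row = mysql_fetch_array($rezultat)) {
                // Stored values originate from users, so escape them for the HTML context.
                // NOTE(review): htmlspecialchars() assumes UTF-8 on PHP >= 5.4; pass the site's
                // charset as third argument if the database/page use another one.
                $link = $path . "profil.php?id=" . (int) $row['user_id'];
                echo "<li style='margin-left:20px;'><a href='" . htmlspecialchars($link, ENT_QUOTES) . "'>"
                    . htmlspecialchars($row['nume'], ENT_QUOTES) . "</a>       "
                    . htmlspecialchars($row['telefon'], ENT_QUOTES) . "</li><br/>";
            }
        }
        echo "</ul>";
   }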
   
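   if(!strcmp($_GET['action'],"show_news")){
        mysql_safer();

        // list_news() is declared in functions.php. Guard the index so a request without `number`
        // does not raise an undefined-index notice; the helper still receives null as before.
        $number = isset($_POST['number']) ? $_POST['number'] : null;
        echo list_news($number);
   }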
   
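   if(!strcmp($_GET['action'],"cauta_rez")){

        if (isset($_SESSION['logat']) && $_SESSION['logat'] == "admin") {
            $adm = 1;
        }
        mysql_safer();
        // $do starts at 2 so an unfiltered request still lists everything (original behaviour);
        // the "Data invalida" branch below is only reachable if that initial value changes.
        $do = 2;
        $query = "SELECT rezervari.RID,sali.nume,perioade.perioada,rezervari.data ,detalii_utilizatori.Nume,detalii_utilizatori.Prenume,rezervari.motiv FROM `rezervari` INNER JOIN `sali` ON rezervari.OID=sali.SID INNER JOIN `perioade` ON rezervari.PID=perioade.PID INNER JOIN `detalii_utilizatori` ON rezervari.UID=detalii_utilizatori.ID WHERE RID>0";
        // Non-admins only see approved reservations.
        if ($adm < 1) {
            $query .= " AND STATUS=1 ";
        }
        // Optional filters: ids are cast to int, free text is escaped. NOTE(review): mysql_safer()
        // (functions.php) is opaque here; confirm it does not already escape $_POST.
        if (isset($_POST['data']) && strlen($_POST['data']) > 4) {
            $do = 1;
            $query .= " AND data='" . mysql_real_escape_string($_POST['data']) . "' ";
        }
        if (isset($_POST['perioada']) && !empty($_POST['perioada'])) {
            $do = 1;
            $query .= " AND rezervari.PID='" . (int) $_POST['perioada'] . "' ";
        }
        if (isset($_POST['sala']) && !empty($_POST['sala'])) {
            $do = 1;
            $query .= " AND SID='" . (int) $_POST['sala'] . "' ";
        }
        if (isset($_POST['motiv']) && strlen($_POST['motiv']) > 2) {
            $do = 1;
            $query .= " AND  motiv like '%" . mysql_real_escape_string($_POST['motiv']) . "%'";
        }

        if ($do > 0) {
            $search = "<div id='search_rez'>";

            $query .= "  ORDER BY data DESC";
            $result = $db->q($query);
            // Header row.
            $search .= "<table border='1'>";
            $search .= "<tr border='1'>";
            foreach (array("Sala", "Interval Orar", "Data", "Nume", "Prenume", "Motiv") as $coloana) {
                $search .= "<td>" . $coloana . "</td>";
            }
            $search .= "</tr>";
            $search .= "</table>";

            $search .= "<ul class='p_rezerveri_list'>";
            if ($result) {
                while ($rows = mysql_fetch_array($result)) {
                    $rid = (int) $rows[0];
                    $search .= "<li id='p_" . $rid . "' class='p_rezervari_li' >";
                    // Columns 1..6 of the SELECT: room, period, date, surname, first name, reason.
                    for ($i = 1; $i < 7; $i++) {
                        $search .= " <span>" . htmlspecialchars($rows[$i], ENT_QUOTES) . "</span> ";
                    }
                    if ($adm > 0) {
                        $search .= '<div class="p_rezervari_extra" style="display:none;">';
                        $search .= '<a href="' . htmlspecialchars($path, ENT_QUOTES) . '/boss/e_rezervari.php?r=' . $rid . '" class="edit" id="e_' . $rid . '">Edit</a>';
                        $search .= '<a href="#" class="remove" id="r_' . $rid . '">Remove</a>';
                        $search .= '</div>';
                    }
                    // Was inside the admin branch, so non-admin rows never got their closing </li>.
                    $search .= "</li>";
                }
            }
            $search .= "</ul>";
            // Closes the #search_rez container opened above (it was never closed).
            $search .= "</div>";
        } else {
            $search = "<p> Data invalida sda! </p> <br />";
        }
        echo $search;

   }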
   
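   if(!strcmp($_GET['action'],"cauta_down")){
    mysql_safer();
    if ($_SESSION['logat'] == "admin") {
        $adm = 1;
    }
    $show = "";
    // Search term shared by the direct query and the metasearch() procedure; defaults to '' so a
    // request without `keyw` behaves as before (metasearch('')) minus the undefined-index notice.
    $keyw = isset($_POST['keyw']) ? $_POST['keyw'] : '';
    // NOTE(review): mysql_safer() (functions.php) is opaque here; values are cast/escaped explicitly
    // so both queries stay safe regardless. Confirm it does not already escape $_POST.
    $keywSql = mysql_real_escape_string($keyw);
    $sql_cauta = "SELECT file_table.FID,file_table.nume,categorii.categorie,ani.an,file_table.descriere,file_table.type,utilizatori.username,file_table.data FROM file_table INNER JOIN categorii ON file_table.CAT=categorii.CID INNER JOIN ani ON file_table.AN=ani.AID INNER JOIN utilizatori ON file_table.UID=utilizatori.ID WHERE FID>0";
    if (isset($_POST['categoria']) && !empty($_POST['categoria'])) {
        $sql_cauta .= " AND file_table.CAT='" . (int) $_POST['categoria'] . "' ";
    }
    if (isset($_POST['an']) && !empty($_POST['an'])) {
        $sql_cauta .= " AND file_table.AN='" . (int) $_POST['an'] . "' ";
    }
    if (!empty($keyw)) {
        $sql_cauta .= " AND ( file_table.nume like '%" . $keywSql . "%' OR file_table.descriere like '%" . $keywSql . "%')";
    }
    // Non-admins only see approved files.
    if ($adm < 1) {
        $sql_cauta .= " AND status=1 ";
    }
    $show .= "<table style='width:550px;'>";
    $rezultat = $db->q($sql_cauta);
    $rezultat2 = $db->q("CALL metasearch('" . $keywSql . "')");
    if (!$rezultat) {
        $show .= "N-am gasit nimic!  :(";
    } else {
        $show .= "<tr>";
        foreach (array("ID", "Nume", "Categorie", "An", "Descriere", "Tipul", "Uploader", "data") as $coloana) {
            $show .= "<td >" . $coloana . "</td>";
        }
        $show .= "</tr>";

        // Both result sets are rendered the same way (the original duplicated the loop): columns
        // 0..7 are FID, nume, categorie, an, descriere, type, username, data; the name cell links
        // to the download page. The second set is only rendered when the first query succeeded.
        foreach (array($rezultat, $rezultat2) as $set) {
            if (!$set) {
                continue;
            }
            while ($row = mysql_fetch_array($set)) {
                $fid = (int) $row[0];
                $title = list_meta($fid);
                $show .= "<tr>";
                for ($i = 0; $i < 8; $i++) {
                    // Stored values originate from uploaders; escape for the HTML context.
                    $celula = htmlspecialchars($row[$i], ENT_QUOTES);
                    if ($i == 1) {
                        // NOTE(review): the attribute is spelled `tile` in the original markup, almost
                        // certainly meaning `title`; kept until the front-end is checked for readers of it.
                        $celula = "<a href='" . htmlspecialchars($path, ENT_QUOTES) . "down_show.php?id=" . $fid . "' tile='" . htmlspecialchars($title, ENT_QUOTES) . "' >" . $celula . "</a>";
                    }
                    $show .= "<td >" . $celula . "</td>";
                }
                $show .= "</tr>";
            }
        }
    }

    $show .= "</table>";
    echo $show;
}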
 

/////////////////////////sf . Cautari //////////////////////////

if($logat>0){
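   if(!strcmp($_GET['action'],"add_rez")){
        mysql_safer();
        // Read the free-text fields through isset() so a partial request raises no notices.
        $data = isset($_POST['data']) ? $_POST['data'] : '';
        $motiv = isset($_POST['motiv']) ? $_POST['motiv'] : '';
        if (strlen($data) > 4 && !empty($_POST['perioada']) && !empty($_POST['sala'])) {
            // Logged-in user, serialized into the session by log_in (server-side data, not request input).
            $user = unserialize($_SESSION['userc']);
            // NOTE(review): mysql_safer() (functions.php) is opaque here; ids are cast and free text
            // escaped explicitly so the INSERT stays safe regardless. Confirm it does not already escape $_POST.
            $query = "INSERT INTO `rezervari` (`RID`, `UID`, `OID`, `PID`, `motiv`, `data`) VALUES (NULL, '" . (int) $user->id . "', '" . (int) $_POST['sala'] . "', '" . (int) $_POST['perioada'] . "', '" . mysql_real_escape_string($motiv) . "', '" . mysql_real_escape_string($data) . "')";
            $db->q($query);
            $show = "<p> Rezervarea inregistrata - in curand un administrator o va vizualiza! </p> <br />";
        } else {
            $show = "<p> Date invalide! </p> <br />";
        }
        echo $show;

   }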
   
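   if(!strcmp($_GET['action'],"upd_rez")){
        mysql_safer();
        // This handler sets STATUS (approval) and the only edit link is the admin one under /boss/
        // (see cauta_rez), yet is_logat() alone gated it: any logged-in user could approve or
        // rewrite any reservation by id. Require the admin role server-side.
        if ($_SESSION['logat'] != "admin") {
            $show = "<p> Acces interzis! </p> <br />";
        } else {
            $data = isset($_POST['data']) ? $_POST['data'] : '';
            if (strlen($data) > 4 && !empty($_POST['perioada']) && !empty($_POST['sala'])) {
                $motiv = isset($_POST['motiv']) ? $_POST['motiv'] : '';
                $status = isset($_POST['status']) ? (int) $_POST['status'] : 0;
                $rid = isset($_POST['r']) ? (int) $_POST['r'] : 0;
                // NOTE(review): mysql_safer() (functions.php) is opaque here; ids are cast and free text
                // escaped explicitly so the UPDATE stays safe regardless. Confirm it does not already escape $_POST.
                $query = "UPDATE  `rezervari` SET  `STATUS` =  '" . $status . "',`OID`='" . (int) $_POST['sala'] . "', `PID`='" . (int) $_POST['perioada'] . "',`motiv`='" . mysql_real_escape_string($motiv) . "',`data`='" . mysql_real_escape_string($data) . "' WHERE  `rezervari`.`RID` ='" . $rid . "';";
                $db->q($query);
                $show = "<p> Modificare facuta! </p> <br />";
            } else {
                $show = "<p> Date invalide! </p> <br />";
            }
        }
        echo $show;

   }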
   
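   if(!strcmp($_GET['action'],"delete_rez")){
        mysql_safer();
        // The Remove link is only rendered for admins (see cauta_rez); enforce that server-side too,
        // otherwise any logged-in user could delete any reservation by id.
        $rid = 0;
        if ($_SESSION['logat'] == "admin" && isset($_POST['rid'])) {
            // The client sends the element id ("r_<RID>"); only the numeric part is used.
            $elems = explode('_', $_POST['rid']);
            if (isset($elems[1])) {
                $rid = (int) $elems[1];
            }
        }
        if ($rid > 0) {
            $db->q("DELETE FROM `rezervari` WHERE  `RID` ='" . $rid . "';");
        }

   }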
   
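   if(!strcmp($_GET['action'],"delete_meta")){
        mysql_safer();
        // NOTE(review): this removes every file_meta row keyed on `RID` for the file after only
        // checking that the tag text exists in meta_list, and any logged-in user may do it for any
        // file. Confirm the intended scope (a single tag, own files only) before relying on it.
        $fid = 0;
        if (isset($_POST['fid'])) {
            // The client sends the element id ("..._<FID>"); only the numeric part is used.
            $elems = explode('_', $_POST['fid']);
            if (isset($elems[1])) {
                $fid = (int) $elems[1];
            }
        }
        $text = isset($_POST['text']) ? $_POST['text'] : '';
        // NOTE(review): mysql_safer() (functions.php) is opaque here; the tag text is escaped explicitly.
        $query = "SELECT mid FROM `meta_list` WHERE `metan`='" . mysql_real_escape_string($text) . "'";
        $rezultat = $db->q($query);
        $row = $rezultat ? mysql_fetch_array($rezultat) : false;
        if ($fid > 0 && isset($row[0]) && strlen($row[0])) {
            $db->q("DELETE FROM `file_meta` WHERE  `RID` ='" . $fid . "';");
            // The echoed text is request input; escape it for the HTML context.
            echo htmlspecialchars($text, ENT_QUOTES) . " a fost sters! ";
        }

   }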
   
  
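if(!strcmp($_GET['action'],"add_com")){

        mysql_safer();
        // Length is checked on the raw value and the trimmed one is stored, as before.
        $comRaw = isset($_POST['com']) ? $_POST['com'] : '';
        if (strlen($comRaw) > 4 && !empty($_POST['fid']) && !empty($comRaw)) {
            // Logged-in user, serialized into the session by log_in (server-side data, not request input).
            $user = unserialize($_SESSION['userc']);
            $com = trim($comRaw);
            // NOTE(review): mysql_safer() (functions.php) is opaque here; ids are cast and the comment
            // escaped explicitly so the INSERT stays safe regardless. Confirm it does not already escape $_POST.
            $query = "INSERT INTO `comentarii` (`COMID`, `COM`, `FID`, `UID`, `data`) VALUES (NULL, '" . mysql_real_escape_string($com) . "', '" . (int) $_POST['fid'] . "', '" . (int) $user->id . "', '" . date("Y-m-d", time()) . "')";
            $db->q($query);
            $show = "<p> Commentariu adaugat!</p> <br />";
        } else {
            $show = "<p> Date invalide! </p> <br />";
        }
        echo $show;

   }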
   
   if(!strcmp($_GET['action'],"test_json")){
        // Debug endpoint: reflects the POST body back as JSON (only reachable when logged in).
        echo json_encode($_POST);
   }
   
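   if(!strcmp($_GET['action'],"get_rezervare")){
        mysql_safer();
        // Reservation id from the query string; RID is numeric, so cast it instead of interpolating.
        $rid = isset($_GET['r']) ? (int) $_GET['r'] : 0;
        $query = "SELECT rezervari.STATUS,rezervari.OID,rezervari.PID,rezervari.data ,detalii_utilizatori.Nume,detalii_utilizatori.Prenume,rezervari.motiv FROM `rezervari` INNER JOIN `sali` ON rezervari.OID=sali.SID INNER JOIN `perioade` ON rezervari.PID=perioade.PID INNER JOIN `detalii_utilizatori` ON rezervari.UID=detalii_utilizatori.ID WHERE RID='" . $rid . "'";
        $result = $db->q($query);
        $spit = '';
        if ($result) {
            // As in the original, the last fetched row wins.
            while ($rows = mysql_fetch_array($result)) {
                $spit = json_encode($rows);
            }
        }

        echo $spit;
   }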

  
   
}////end logat
}
?>
